What is AZORult | The Latest Trojan Malware

AZORult is a trojan malware that harvests and exfiltrates data from the compromised system. It is installed on a system via a first-stage malware, such as Seamless. The malware searches for the following information and sends it to its C2 server:

• Saved passwords, such as those from browsers, email and FTP servers;
• Cookies from browsers and forms, including autofill;
• wallet.dat files from popular bitcoin clients;
• Skype message history;
• Files from chat history;
• Desktop files;
• Files with specified extensions from Desktop and files in folders;
• List of installed programs;
• List of running processes; and
• Username, computer name, and operating system type.

In July 2018, AZORult was substantially updateded, improving both on its stealer and downloader functionality. It was immediately seen in a large email campaign, leveraging its new capabilities to distribute Hermes ransomware. The advertisement for AZORult version 3.2 notes the following updates:

• Added stealing of history from browsers (except IE and Edge).
• Added support for cryptocurrency wallets: Exodus, Jaxx, Mist, Ethereum, Electrum, Electrum-LTC.
• Improved loader. Now supports unlimited links. In the admin panel, you can specify the rules for how the loader works.

Stealer can now use system proxies. If a proxy is installed on the system, but there is no connection through it, the stealer will try to connect directly.